Privacy Policy

Effective June 12, 2026

Last Updated: June 19, 2026


1. Introduction

PensionForge, LLC ("PensionForge," "Company," "we," "us," or "our") operates the website https://pensionforge.com and the PensionForge retirement modeling service (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.

PensionForge is not affiliated with, endorsed by, or connected to the Florida Retirement System, the State Board of Administration of Florida, the Florida Division of Retirement, or any other Florida state or local government agency.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service.


2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation)
  • Authentication method (email magic link, Google OAuth, or Sign in with Apple)
  • Google profile information (name and email, if you choose Google OAuth)
  • Apple-provided information (name and email, or an Apple private relay email address, if you choose Sign in with Apple; Apple provides your name only on your first sign-in)

Profile Information:

  • Career stage (early, mid, or late career)
  • Job classification (Special Risk: firefighter, law enforcement officer, corrections officer, EMS/paramedic; Regular Class: teacher, state employee, county/municipal employee, university staff)
  • FRS class designation (Special Risk or Regular Class)
  • Hire date
  • Date of birth (used solely for age and retirement timeline calculations; not stored in scenario result records but retained in profile data)

Scenario and Calculator Inputs:

  • Salary information
  • Years of service
  • Contribution rates and balances
  • DROP participation details
  • Investment return assumptions
  • Household/spouse income data (Pro tier)
  • Optional Social Security estimation inputs (years of Social Security–covered employment, average career earnings, intended claiming age, or a known monthly benefit amount); we do not collect your Social Security number
  • Other retirement-relevant financial parameters you enter

Connected Financial Account Data (Plaid, Pro tier — optional):

If you choose to connect an external investment account through our Plaid integration, we retrieve and store the following on your behalf:

  • Institution name
  • Account name, type, and subtype (e.g., 457(b), 403(b), IRA, Roth)
  • Current and available balances
  • Holdings within the account (security name, ticker symbol, quantity, value, and cost basis)
  • Connection and synchronization status

This integration uses Plaid's Investments product only. Your account login credentials are entered directly with Plaid and your financial institution — they are never visible to or stored by PensionForge. The integration is read-only: PensionForge can read balances and holdings but can never initiate transfers, trades, or move money. Connecting accounts is optional and available on the Pro tier. See Section 14 for full details.

Alert Configurations:

  • Metric type (e.g., DROP lump sum, monthly pension, projected 457(b) balance, projected Roth balance, years to retirement)
  • Threshold value and direction (above/below)
  • Descriptive labels

Payment Information:

  • Subscription plan selection and billing cycle preference
  • On the web, subscriptions are processed by Stripe, Inc.; we store your Stripe customer and subscription identifiers and your current plan status.
  • In the iOS app, subscriptions are processed by Apple through In-App Purchase (StoreKit); we store the Apple transaction identifier, product identifier, and subscription expiration date in order to grant and verify your subscription.
  • Note: Payment card details (card number, CVV, expiration) are collected and processed exclusively by Stripe, Inc. (web) or Apple, Inc. (iOS) and are never transmitted to or stored on PensionForge servers.

Waitlist Information:

  • Email address
  • Tier interest (Pro or Founder promotional status)
  • Source page (the page from which you joined the waitlist)
  • Your user ID, if you are signed in at the time of signup

Referral Information:

  • If you upgrade to Pro, we generate a unique referral code associated with your account
  • If you arrive through a referral link, we briefly store the referral code in a pf_ref cookie (see Section 7.5) and, upon a qualifying subscription, create a referral record linking the referring and referred accounts together with any reward applied

Communications:

  • Feedback submissions (bug reports, feature requests, data accuracy concerns), which are routed to our private issue tracker hosted on GitHub and include your user ID and the page you submitted from (see Section 4.1)
  • Support inquiries via email

AI Narrative Data:

  • When you request a narrative summary, the generated text is cached on our servers and associated with your scenario
  • Per-user generation counters (tracked by user ID and generation date) record how many narratives have been generated

2.2 Information Collected Automatically

Usage Analytics (via Vercel Analytics):

These usage analytics apply to both the website and the PensionForge iOS app.

  • Pages visited and features used
  • Session duration and frequency
  • Device type, browser type, and operating system
  • Referring URL
  • Country-level geographic location (derived from IP address)

Performance Data (via Vercel Speed Insights):

  • Page load times
  • Core Web Vitals metrics (Largest Contentful Paint, First Input Delay, Cumulative Layout Shift, Interaction to Next Paint, Time to First Byte)
  • Error occurrences

Server Logs:

  • IP address (used for rate limiting, security, and abuse prevention; not linked to your account profile for analytics purposes)
  • Request timestamps
  • HTTP method and endpoint accessed

2.3 Information We Do Not Collect

  • Social Security numbers
  • Bank account numbers or routing numbers
  • Login credentials for external financial institutions (when you connect an investment account via Plaid, your credentials are entered directly with Plaid and your institution and are never visible to or stored by us; see Section 14)
  • Transaction history from external accounts
  • Employer-specific personnel records
  • Biometric data
  • Precise geolocation (GPS coordinates)
  • Data from your contacts, camera, or microphone
  • Advertising identifiers or cross-site tracking data

3. How We Use Your Information

We use the information we collect for the following purposes:

| Purpose | Legal Basis |
|---|---|
| Provide retirement calculations and projections based on your inputs | Performance of contract |
| Save and retrieve your scenarios and profile | Performance of contract |
| Cache profile and scenario data locally for offline access | Performance of contract |
| Authenticate your identity and secure your account | Performance of contract / Legitimate interest |
| Process subscription payments | Performance of contract |
| Send threshold alert email notifications | Performance of contract (you configure alerts) |
| Send transactional emails (auth links, receipts, account notices) | Performance of contract |
| Send waitlist confirmation and availability notifications | Performance of contract (you join voluntarily) |
| Generate AI narrative summaries of your scenario projections | Performance of contract (you request generation) |
| Monitor and improve Service performance and reliability | Legitimate interest |
| Detect, prevent, and address fraud, abuse, or security incidents | Legitimate interest |
| Enforce rate limits to maintain service quality | Legitimate interest |
| Comply with legal obligations | Legal obligation |

We do not use your information to:

  • Sell or rent your personal data to third parties
  • Serve advertisements
  • Market financial products or services from third parties
  • Build advertising or behavioral profiles
  • Make automated decisions that produce legal effects concerning you
  • Train machine learning models on your personal financial data
  • Track you across other websites or applications

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with the following categories of service providers, solely to the extent necessary to provide the Service:

| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication | Account data, profile data, scenario inputs/results, alert configurations, waitlist records, narrative caches |
| Stripe, Inc. | Payment processing, subscription management | Email, Stripe customer ID, subscription status; Stripe directly collects payment card details |
| Vercel, Inc. | Application hosting, Vercel Analytics, Vercel Speed Insights | Usage analytics, performance metrics (Core Web Vitals), IP address (server logs) |
| Resend | Transactional email delivery | Email address, alert notification content, waitlist confirmation content |
| Anthropic, PBC | AI narrative generation | Scenario-derived projection context (numerical results and calculation parameters); see Section 13 for details |
| Plaid Inc. | Connected investment-account aggregation (Pro tier, optional) | Account balances and holdings retrieved on your behalf; account login occurs directly with your institution via Plaid and credentials are never shared with us; see Section 14 for details |
| Google LLC | OAuth authentication (if selected) | Authentication tokens; Google provides us your email and name |
| Apple, Inc. | Sign in with Apple authentication (if selected); In-App Purchase / subscription processing in the iOS app | Authentication tokens and the name/email (or private relay address) Apple provides; subscription transaction identifiers and status |
| GitHub, Inc. | Private issue tracker for feedback submissions | Your user ID, feedback text, and the page URL from which you submitted feedback |

4.2 We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information to any third party for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

4.3 Legal Disclosures

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation, subpoena, court order, or governmental request;
  • Protect and defend our rights or property;
  • Prevent or investigate possible wrongdoing in connection with the Service;
  • Protect the personal safety of users or the public;
  • Protect against legal liability.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service at least thirty (30) days before such transfer, including any changes in data practices, and inform you of any choices you may have regarding your data.

4.5 Aggregated and De-Identified Data

We may create and share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data is not subject to this Privacy Policy.


5. Data Storage and Security

5.1 Data Storage Location

Your data is stored on servers operated by Supabase (database) and Vercel (application hosting) in the United States.

5.2 Security Measures

We implement the following security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
  • Encryption at rest: Database storage is encrypted at rest using AES-256 encryption provided by our infrastructure provider.
  • Row-Level Security (RLS): PostgreSQL Row-Level Security policies enforce strict per-user data isolation at the database level. Each user can only access their own profiles, scenarios, and alerts.
  • Defense-in-depth: Application-layer access controls supplement database-level security as an additional safeguard.
  • Authentication security: Magic link tokens expire after one hour. Sessions are managed server-side with secure, HTTP-only cookies.
  • Rate limiting: Endpoints are rate-limited to prevent brute-force attacks and abuse (e.g., waitlist: 5 signups per hour per IP; feedback: 5 submissions per hour per user).
  • No plaintext secrets: Sensitive configuration (API keys, database credentials) is stored in environment variables, never in source code or client-side bundles.
  • Payment isolation: Payment card data never touches our servers; it flows directly from your browser to Stripe's PCI-compliant infrastructure.

5.3 Security Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You use the Service at your own risk.

5.4 Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within seventy-two (72) hours of confirming the breach, or within such shorter period as required by applicable state law (e.g., Florida requires notification "as expeditiously as practicable" and no later than 30 days; California requires notification "in the most expedient time possible"). Notifications will describe the nature of the breach, the types of information involved, and steps you can take to protect yourself.


6. Data Retention

6.1 Active Accounts

We retain your personal information for as long as your account remains active and as needed to provide the Service.

6.2 Account Deletion

Upon account deletion, data is handled as follows:

| Data Category | Retention After Deletion |
|---|---|
| Profile, scenarios, alerts, narrative caches | Permanently deleted from active database |
| Connected account data (balances, holdings, connection metadata) | Deleted from active database when you disconnect an institution or delete your account; the connection is simultaneously removed at Plaid so no further data is retrieved |
| Encrypted database backups | Daily backups retained for up to 7 days, encrypted at rest (AES-256), then automatically overwritten |
| Server logs (IP, request data) | Up to 3 days (application hosting) and 7 days (database infrastructure), then automatically purged |
| Stripe payment/transaction records | Retained by Stripe per financial regulations (typically 7 years) |
| Apple In-App Purchase records | Subscription identifiers retained in your profile while your account is active and deleted on account deletion; Apple retains purchase records per its own policies |
| GitHub feedback issues | Retained in our private issue tracker until resolved and periodically pruned thereafter; contain your user ID and the text you submitted |
| Resend email delivery logs | Transactional email metadata (delivery status, timestamps) retained by Resend for up to 30 days; email content is not retained by PensionForge beyond transmission |
| Vercel analytics/performance data | Retained by Vercel per their data retention policies; Web Analytics data is anonymous by design (no personal identifiers collected); all data encrypted at rest (AES-256) |
| Waitlist records | Deleted upon request or account deletion |
| Tax/accounting records | Retained as required by IRS regulations (up to 7 years for transaction records) |
| Fraud/security investigation records | Retained as necessary to protect against threats, enforce Terms, or comply with legal process |

6.3 Inactive Accounts

We may delete accounts and associated data after twenty-four (24) consecutive months of inactivity, with thirty (30) days' advance email notice to the registered address.

6.4 Legal Retention

We may retain specific information beyond the periods described above as necessary to:

  • Comply with applicable law, regulation, or legal process;
  • Resolve pending disputes or enforce our agreements;
  • Investigate or prevent fraud, security incidents, or Terms violations;
  • Meet tax, accounting, or financial reporting obligations.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you;
  • Request a copy of your data in a structured, machine-readable format (JSON);
  • View all your saved scenarios and profile information through the Service interface.

7.2 Correction

You may update or correct your profile information and scenario data at any time through the Service. If you need assistance correcting information you cannot modify directly, contact us at team@pensionforge.com.

7.3 Deletion

You have the right to delete your account and all associated data. Account deletion can be initiated through your account settings. Upon deletion, we will remove your data as described in Section 6.2. Note that certain data may be retained by third-party processors or for legal compliance as described therein.

7.4 Alert and Email Preferences

You may:

  • Disable individual threshold alerts through your alert settings;
  • Unsubscribe from alert notification emails via the unsubscribe link in any alert email;
  • Manage alert preferences at https://pensionforge.com/alerts/unsubscribe.

Note: You cannot opt out of transactional emails (authentication links, security notices, subscription receipts) while maintaining an active account.

7.5 Cookies and Analytics

The Service uses essential cookies for authentication and session management, and a short-lived pf_ref cookie (up to 30 days) to attribute a referral if you arrive through a referral link. We use Vercel Analytics for basic usage metrics — in both the website and the iOS app — and Vercel Speed Insights for performance monitoring. We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting techniques.

7.6 Local Data

You may clear locally cached data (profile, scenarios stored in IndexedDB for offline use) at any time by clearing your browser's site data for pensionforge.com. This does not affect data stored on our servers.

7.7 Do Not Track

The Service does not currently respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking regardless of this signal.

7.8 Connected Accounts

If you have connected an external investment account via Plaid, you may disconnect it at any time from your account settings. Disconnecting removes the stored balances and holdings from our active database and revokes the connection at Plaid (see Section 14).


8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides California residents with specific data privacy rights if the business meets applicable thresholds (annual gross revenue exceeding $25 million; buying/selling/sharing personal information of 100,000+ consumers; or deriving 50%+ of revenue from selling/sharing personal information).

Whether or not PensionForge currently meets these thresholds, we are committed to honoring the following rights for California residents:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, detecting fraud, complying with legal obligations).

Right to Correct: You may request correction of inaccurate personal information.

Right to Opt Out of Sale/Sharing: We do not sell or share (for cross-context behavioral advertising) your personal information. No opt-out is necessary.

Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (date of birth, financial scenario inputs) only for the purpose of providing the Service you requested. No limitation request is necessary.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (per CCPA categories):

  • Identifiers (email address, IP address, Stripe customer ID, Apple transaction ID, referral code, user ID)
  • Financial information (subscription status, scenario inputs involving salary/contributions; balances and holdings from any investment accounts you connect via Plaid; payment card details held exclusively by Stripe)
  • Internet or electronic network activity (usage analytics, pages visited, performance metrics)
  • Professional or employment-related information (job classification, hire date, career stage, FRS class)
  • Inferences (calculated retirement projections based on inputs you provide)
  • Sensitive personal information (date of birth; financial modeling inputs)

Sources: Directly from you; automatically via Vercel Analytics and Speed Insights.

Business Purposes for Collection: As described in Section 3 of this Privacy Policy.

Third Parties Receiving Data: Service providers listed in Section 4.1. We do not sell or share data with third parties for their own commercial purposes.

Retention: As described in Section 6.

Authorized Agent: You may designate an authorized agent to make requests on your behalf by providing written authorization and identity verification.

Verification: We will verify your identity before fulfilling access or deletion requests by confirming your email address through the authentication method on file.

How to Exercise Rights: Contact team@pensionforge.com with "California Privacy Request" in the subject line. We will respond within forty-five (45) days.

If PensionForge meets CCPA thresholds at any future point, we will publish a conforming California Privacy Notice with all required disclosures.

8.2 Florida Residents

If you are a Florida resident, you may have rights under the Florida Digital Bill of Rights (FDBR), effective July 1, 2024. The FDBR applies to businesses meeting specific revenue and data-processing thresholds. Regardless of threshold applicability, we are committed to honoring these rights:

  • Right to confirm whether we are processing your personal data;
  • Right to access your personal data;
  • Right to correct inaccuracies;
  • Right to delete your personal data;
  • Right to obtain a portable copy of your data;
  • Right to opt out of the sale of personal data (we do not sell personal data);
  • Right to opt out of targeted advertising (we do not engage in targeted advertising);
  • Right to opt out of profiling that produces legal or similarly significant effects (we do not engage in such profiling).

Florida residents also have protections under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). Nothing in this Privacy Policy is intended to limit any rights you may have under applicable Florida consumer protection laws.

8.3 Other U.S. State Privacy Laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and other states with consumer privacy laws may have similar rights to access, correct, delete, and port their data, as well as rights to opt out of certain processing activities.

To exercise these rights, contact team@pensionforge.com with your state of residence and the specific right you wish to exercise. We will respond within the timeframe required by your state's law (typically 30-45 days).


9. Children's Privacy

9.1 Age Requirement

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18.

9.2 Household Data Involving Minors

The household modeling feature is designed for spousal or partner retirement income modeling. Users may not enter a minor's personal information unless they are the minor's parent or legal guardian and the data is limited to what is reasonably necessary for dependent-related retirement calculations.

9.3 Discovery of Minor Data

If we become aware that we have collected personal information from a person under 18 without appropriate parental or guardian authorization, we will promptly delete that data and, if applicable, terminate the associated account. If you believe a child has provided us with personal information, please contact us immediately at team@pensionforge.com.


10. International Users

The Service is operated from and hosted in the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States. We do not specifically target users outside the United States, and the Service's calculations are specific to the Florida Retirement System.


11. Third-Party Links and Services

The Service may contain links to third-party websites, including official FRS resources, Florida legislative databases, and IRS publications. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party website you visit. The inclusion of any link does not imply affiliation with or endorsement by the linked organization.


12. Offline and Local Data

12.1 Unauthenticated Use

When you use PensionForge calculators without signing in, all calculations are performed locally in your browser. No data is transmitted to our servers. We have no access to inputs or results from unauthenticated sessions.

12.2 Authenticated Offline Storage

When you are signed in, the Service caches your profile data and scenario data locally in your browser's IndexedDB storage to enable offline access. This locally cached data may include:

  • Profile information (including date of birth and hire date);
  • Scenario inputs and calculated results;
  • Alert configurations.

This data remains on your device and is only synced with our servers when you are online and make changes. Unlike server-stored data, locally cached data is not protected by server-side access controls (such as Row-Level Security); it is accessible to anyone with physical or software access to your browser's storage on that device. You are responsible for securing access to your device. You may clear locally stored data at any time by clearing your browser's site data for pensionforge.com (typically via browser settings under "Clear browsing data" or "Manage site data").

12.3 Progressive Web App (PWA)

The Service supports installation as a Progressive Web App. When installed, the Service caches application assets (HTML, CSS, JavaScript) and the authenticated data described in Section 12.2 for offline functionality. Uninstalling the PWA removes cached application assets; browser site data may need to be cleared separately.

12.4 Mobile App Device Permissions (iOS)

The PensionForge iOS app may request the following device permissions. Each is optional, requested only in context when you use the related feature, and may be declined or later changed in iOS Settings:

  • Calendar (write-only): If you choose to add a projected FRS milestone (such as a DROP entry date or retirement date) to your calendar, the app requests write-only calendar access to create that event. The app only adds events you initiate; it never reads, modifies, or transmits your existing calendar entries.
  • Notifications (local only): If you enable alert notifications, the app schedules local notifications on your device when your configured thresholds are met. These notifications are generated on-device; the app does not register with the Apple Push Notification service (APNs) and does not collect or store a device push token.

The iOS app does not request access to your contacts, camera, microphone, photos, or precise location, and it does not access the advertising identifier (IDFA) or present an App Tracking Transparency prompt, because it does not track you across other apps or websites.


13. AI-Generated Content and Processing

13.1 How AI Is Used

The Service uses Anthropic's Claude API to generate natural language narrative summaries of your retirement scenario projections. AI generation occurs only when you explicitly request it (e.g., by clicking "Generate Summary" on the dashboard).

13.2 Data Sent to Anthropic

When you request a narrative summary, the following scenario-derived context is sent to Anthropic for processing:

  • Numerical projection results (e.g., estimated pension amount, DROP balance, contribution totals);
  • Calculation parameters and assumptions.

We do not send your email address, date of birth, account ID, scenario names, or other account-level personally identifiable information to Anthropic.

13.3 Narrative Caching and Storage

Generated narratives are cached on our servers and associated with your scenario to avoid redundant API calls. Per-user generation counters (tracked by user ID and date) record usage. Cached narratives are deleted when you delete the associated scenario or your account.

13.4 Anthropic's Data Practices

Anthropic's API is subject to Anthropic's privacy policy and usage policies. Per Anthropic's commercial API terms (as of the date of this policy), data sent through the API is not used to train Anthropic's models. We encourage you to review Anthropic's current privacy policy for the most up-to-date information.


14. Connected Financial Accounts (Plaid)

14.1 Overview

The Service offers an optional, Pro-tier feature that lets you connect external investment accounts (such as a 457(b), 403(b), or IRA) so that current balances and holdings appear alongside your projections. This feature is powered by Plaid Inc. ("Plaid"), a financial data aggregation provider. You are never required to connect an account, and the rest of the Service functions fully without it.

14.2 How the Connection Works

When you choose to connect an account, Plaid presents a secure window in which you select your financial institution and log in. Your institution login credentials are entered directly with Plaid and your financial institution; they are never transmitted to, visible to, or stored by PensionForge. After you authorize the connection, Plaid provides us an access token that allows us to retrieve account data on your behalf.

14.3 What We Retrieve and Store

We use Plaid's Investments product only. We retrieve and store:

  • Institution name;
  • Account name, type, and subtype;
  • Current and available balances;
  • Holdings (security name, ticker symbol, quantity, value, and cost basis);
  • Connection and synchronization status.

The integration is read-only. PensionForge can read balances and holdings, but can never initiate transfers, place trades, or move money. We do not retrieve transaction history, account or routing numbers, or your login credentials.

14.4 Synchronization

After you connect, we periodically refresh your balances and holdings — both when you manually request a refresh and automatically when your institution notifies Plaid of an update. Institution connections can expire or require re-authentication; when that happens, you may be prompted to reconnect.

14.5 Security of Connection Credentials

The Plaid access token associated with your connection is the most sensitive value in this feature. It is stored server-side only and is never exposed to your browser or returned in any API response; database access controls grant client applications access to every connection field except the access token. Data is encrypted in transit (TLS) and at rest (AES-256), consistent with Section 5.

14.6 Disconnecting

You may disconnect any linked institution at any time from your account settings. Disconnecting removes the stored balances and holdings from our active database and revokes the connection at Plaid via Plaid's item-removal process, after which no further data is retrieved.

14.7 Plaid's Data Practices

Your use of the Plaid connection is also subject to Plaid's own terms and privacy practices. We encourage you to review Plaid's End User Privacy Policy for information about how Plaid handles the data it processes.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy;
  • We will notify registered users via email at least thirty (30) days before material changes take effect;
  • We will post a prominent notice on the Service.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms. If you do not agree to the revised policy, you may delete your account before the effective date.


16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

PensionForge, LLC
Email: team@pensionforge.com
Website: https://pensionforge.com

For privacy-specific inquiries or to exercise your data rights, please include "Privacy Request" in your subject line.

We will respond to all privacy-related inquiries within thirty (30) days (or such shorter period as required by applicable state law).


17. Data Protection Summary

For quick reference, here is a summary of our core data commitments:

| Commitment | Status |
|---|---|
| We sell your personal data | Never |
| We serve advertisements | Never |
| We market third-party financial products using your data | Never |
| We use cross-site tracking | Never |
| We share data with data brokers | Never |
| We use data for targeted advertising | Never |
| Per-user database isolation (RLS) | Always |
| Encryption in transit (TLS) | Always |
| Unauthenticated use stays local to your browser | Always |
| You can delete your account and data | Always |
| You can export your data | Always |
| We notify you of material policy changes | Always (30 days advance) |
| We notify you of data breaches | Within 72 hours (or sooner if state law requires) |